thewhiteh4t

11 exploits Active since Apr 2019
CVE-2020-10977 NOMISEC MEDIUM WORKING POC
GitLab EE/CE <12.9 - Path Traversal
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
70 stars
CVSS 5.5
CVE-2021-31630 NOMISEC HIGH WORKING POC
OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
21 stars
CVSS 8.8
CVE-2020-9375 NOMISEC HIGH WORKING POC
TP-Link Archer C50 V3 - Denial of Service via Crafted HTTP Referer Header
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
20 stars
CVSS 7.5
CVE-2019-11447 NOMISEC HIGH WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
9 stars
CVSS 8.8
CVE-2020-10977 NOMISEC MEDIUM WORKING POC
GitLab EE/CE <12.9 - Path Traversal
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
1 stars
CVSS 5.5
CVE-2026-27483 GITHUB HIGH python WORKING POC
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Upload File" module, which corresponds to the API endpoint /api/files. Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using `../` sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server. Version 25.9.1.1 patches the issue.
CVSS 8.8
CVE-2026-27483 NOMISEC HIGH WORKING POC
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Upload File" module, which corresponds to the API endpoint /api/files. Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using `../` sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server. Version 25.9.1.1 patches the issue.
CVSS 8.8
CVE-2020-9375 GITLAB HIGH WORKING POC
TP-Link Archer C50 V3 - Denial of Service via Crafted HTTP Referer Header
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
CVSS 7.5
CVE-2026-27483 EXPLOITDB HIGH python WORKING POC
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution. The vulnerability exists in the "Upload File" module, which corresponds to the API endpoint /api/files. Since the multipart file upload does not perform security checks on the uploaded file path, an attacker can perform path traversal by using `../` sequences in the filename field. The file write operation occurs before calling clear_filename and save_file, meaning there is no filtering of filenames or file types, allowing arbitrary content to be written to any path on the server. Version 25.9.1.1 patches the issue.
CVSS 8.8
CVE-2023-37569 EXPLOITDB HIGH bash WORKING POC
ESDS Emagic Data Center Management Suite < 6.0 - Authenticated OS Command Injection via Ping Component
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.
CVSS 8.8
CVE-2020-9375 EXPLOITDB HIGH python WORKING POC
TP-Link Archer C50 V3 - Denial of Service via Crafted HTTP Referer Header
TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field.
CVSS 7.5